Source: Technical guides batch (6 deep-dive docs from Preston-Test)
What this source is
Six technical documentation files from the Preston-Test repo’s docs/ directory, read directly (not via NotebookLM). These are the CTO’s depth sources — the guides a technical reviewer opens when the high-level claims on production-proof or suitecentral-2-overview need verification at the code level.
| # | File | Topic |
|---|---|---|
| 1 | docs/features/ai-features-guide.md | 5-agent + orchestrator AI architecture |
| 2 | docs/features/REASONING-TRACES-GUIDE.md | v2.0 DB-backed reasoning trace service |
| 3 | docs/features/PII-DETECTION-GUIDE.md | 14-pattern DLP with field-gating |
| 4 | docs/guides/SECURITY-AND-RATE-LIMITING.md | Production guards + rate limiting |
| 5 | docs/tutorials/NL-ACTION-GATE-TUTORIAL.md | The 6 live actions + propose→approve→execute |
| 6 | docs/adr/ADR-004-DUAL-AI-SYSTEM-DESIGN.md | (not read this turn — queued) |
Key claims (new content, grouped by file)
PII Detection Guide — DEFINITIVE RESOLUTION of the DLP pattern count
- 14 PII patterns total: 8 value-gated + 6 field-gated. This is the authoritative count, resolving all prior discrepancies:
- 8 value-gated (always match): SSN, credit cards, emails, phone (US/NANP), medical records, API keys, JWT tokens, IP addresses
- 6 field-gated (match only with field-context): international phone, bank account, date of birth, passport, driver’s license, name
- Field-gated patterns use
requiresFieldContext: truemetadata and per-typeisXxxRelatedFieldPath()helpers - Two-pass path tokenization prevents false positives (e.g.,
+12.3456.7890in aversionfield would be a phone_intl false positive) - Scope limitation: field-gated patterns do NOT flag in free-form text payloads — intentional, because the false-positive risk is higher without stable field names
namepattern was recently migrated from GovernanceService into DLPService as a field-gated pattern with a whole-value shape regex → Updates production-proof — the DLP reconciliation section can now cite the definitive 14 = 8 + 6 with the field-gating mechanism explained.
NL Action Gate Tutorial — THE 6 LIVE ACTIONS NAMED
-
The 6 supported commands (matching the “6 live actions” in 04-technical-proof v3.3):
Command Example Target Module Refund ”Refund this customer $75” PaymentCentral Create PO ”Create purchase order for Acme Corp” SupplierCentral Update Inventory ”Update inventory for Widget A to 100” InventoryCentral Send Notification ”Send reminder to John” PortalCentral Approve Document ”Approve invoice #12345” FinanceCentral Cancel ”Cancel subscription SUB-123” SyncCentral -
Three-step workflow:
POST /api/nl-action-gate/propose→POST /api/nl-action-gate/actions/{id}/approve→POST /api/nl-action-gate/actions/{id}/execute. The approve step requires auserId. High-risk actions (riskLevel: "high") require approval; lower-risk may auto-execute. → Updates nl-action-gate — the 6 actions are now named with their target modules.
AI Features Guide — 5-agent + orchestrator architecture
- 5 AI agents (application layer, distinct from the 9 AI providers which are the infrastructure layer):
- Field Mapping Agent — 96.2% accuracy, confidence scoring
- Data Quality Agent — 98.5% quality scoring, anomaly detection
- Process Optimization Agent — predictive failure detection
- Integration Strategy Agent — ROI analysis, strategic recommendations
- Business Intelligence Agent — executive reporting, analytics
- + Multi-Agent Orchestrator — coordinates all agents
- “320% ROI” from AI integration — this is a DIFFERENT ROI claim than the 25-157% 3-year ROI from 04-roi-calculator. The AI-features guide is measuring AI-feature-specific ROI, not platform-level 3-year ROI. Don’t conflate.
- AI Command Palette (Ctrl+K) — universal natural-language access to all AI features: “What’s my data quality score?”, “Show me ROI predictions”, “Create Salesforce to NetSuite sync”, etc.
Reasoning Traces Guide — v2.0 DB-backed
- Version 2.0.0 (Database-Backed), last updated April 9, 2026
- Data model: AISession (sessionId, userId, workflowType, status, overallConfidence, executionTime) + ReasoningTrace (stepNumber, agentName, action, inputSummary, outputSummary, confidence, reasoning, executionTime)
- 30-day default retention (matches the compliance dashboard’s P1 Privacy entry)
- Export utilities: JSON compliance exports (matches the evidence export button on the compliance dashboard)
Security & Rate Limiting Guide — defense-in-depth, fail-fast
- Three production guards (each causes
process.exit(1)— server will NOT start if misconfigured):- JWT secret must not be the default value in production
- Rate limiting must be enabled in production
- Demo mode must not be active in production
- Rate limits: 100 requests per 60 seconds (configurable), with standard + legacy headers
- Source file paths:
src/config/env.ts:163-166(JWT),src/config/env.ts:167-170(rate limiting),src/index.ts:546-554(demo mode)
Pages updated by this ingest
Updated (4 existing pages):
- production-proof — DLP pattern count definitively resolved as 14 = 8 value-gated + 6 field-gated with field-gating mechanism explained
- nl-action-gate — the 6 live actions named with target modules; three-step API workflow documented
- suitecentral-2-overview — added the 5-agent + orchestrator application-layer architecture
- compliance-dashboard — cross-linked the 30-day retention and JSON export to the Reasoning Traces Guide
Cross-references
- 14 DLP patterns with field-gating is the FINAL answer: the PII Detection Guide explicitly lists all 14 and explains why 6 are field-gated. The compliance dashboard snapshot of 14 patterns now perfectly matches the code documentation. Previous wiki reconciliation attempts that said “11 confirmed, 3 unaccounted” were incomplete — all 14 are implemented, 6 with field-context requirements.
- “5 AI agents” vs “9 AI providers”: agents are the APPLICATION layer (what the AI does); providers are the INFRASTRUCTURE layer (which AI models run). They coexist. Framing: SuiteCentral 2.0 has 5 agents running on 4 providers (+ 2 experimental + 1 fallback).
- The 6 NL Action Gate commands map to 6 of 16 modules: PaymentCentral, SupplierCentral, InventoryCentral, PortalCentral, FinanceCentral, SyncCentral. The remaining 10 modules don’t yet have NL actions (room for expansion).